Defender Updates via WSUS

Nicusor Adrian Pelivan 41 Reputation points


In our environment, we use WSUS to update Defender AV definitions.
But on some Servers 2016, Defender is not automatically updating from WSUS. I checked on WSUS and all definition updates are marked as "not applicable". Automatic approval is already configured and many other servers work fine.

When I check the Defender logs, I can see this:

MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MpCmdRun.exe" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke
Start Time: ‎vr ‎nov ‎18 ‎2022 09:17:35

MpEnsureProcessMitigationPolicy(0x5): hr = 0
Start: MpSignatureUpdate()

Service Version: 4.18.2209.7
Engine Version: 1.1.19800.4
AntiSpyware Signature Version: 1.379.499.0
AntiVirus Signature Version: 1.379.499.0
Calling MpUpdateStartEx with option 0x5
Update started
Search Started (WSUS update) (Path: https://"WSUS Server path")...
Time Info - ‎vr ‎nov ‎18 ‎2022 09:17:59 Search Completed
Update completed succesfully . no updates needed (hr:0x00000001)
Finish: MpSignatureUpdate()
MpCmdRun: End Time: ‎vr ‎nov ‎18 ‎2022 09:17:59

Even though there are new updates released, Defender is not updating stating that no updates are needed (my guess would be that this is the reason why the updates are marked as "not applicable").

When we update manually from the Defender GUI, the updates everything works fine.

Please let me know what I could check for this issue.

Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
2,152 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,337 questions
{count} votes

1 answer

Sort by: Most helpful
  1. S.Sengupta 7,601 Reputation points MVP

    Kindly go through the following Microsoft reference and check all the steps:

    Use WSUS to deploy definition updates to computers that are running Windows Defender

    0 comments No comments